Latest CVE Feed
- 7.5 HIGH CVE-2014-9520
SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter.
- Published: Jan. 05, 2015
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2014-9519
SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter.
- Published: Jan. 05, 2015
- Modified: Apr. 12, 2025
- 4.3 MEDIUM CVE-2014-9518
Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01 allows remote attackers to inject arbitrary web script or HTML via the html_response_page parameter.
- Published: Jan. 05, 2015
- Modified: Apr. 12, 2025
- 4.3 MEDIUM CVE-2014-9517
Cross-site scripting (XSS) vulnerability in D-Link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm.
- Published: Jan. 05, 2015
- Modified: Apr. 12, 2025
- 4.3 MEDIUM CVE-2014-9516
Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI, related to the "Web Site" input in the Profile section.
- Affected Products: social_microblogging_pro
- Published: Jan. 05, 2015
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2014-9389
Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors.
- Affected Products: nexus
- Published: Jan. 05, 2015
- Modified: Apr. 12, 2025
- 6.8 MEDIUM CVE-2014-8085
Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing ...
- Affected Products: osclass
- Published: Jan. 05, 2015
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2014-8084
Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ajaxfile parameter in a custom action.
- Affected Products: osclass
- Published: Jan. 05, 2015
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2014-8083
SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action.
- Affected Products: osclass
- Published: Jan. 05, 2015
- Modified: Apr. 12, 2025
- 6.8 MEDIUM CVE-2014-2598
Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the q...
- Affected Products: quick_page/post_redirect
- Published: Jan. 05, 2015
- Modified: Apr. 12, 2025
- 4.3 MEDIUM CVE-2014-1679
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file.
- Affected Products: open-xchange_appsuite
- Published: Jan. 05, 2015
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2014-9509
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consump...
- Affected Products: typo3
- Published: Jan. 04, 2015
- Modified: Apr. 12, 2025
- 4.3 MEDIUM CVE-2014-9508
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs ...
- Affected Products: typo3
- Published: Jan. 04, 2015
- Modified: Apr. 12, 2025
- 2.6 LOW CVE-2014-9507
MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS.
- Affected Products: mediawiki
- Published: Jan. 04, 2015
- Modified: Apr. 12, 2025
- 3.5 LOW CVE-2014-9506
MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues.
- Affected Products: mantisbt
- Published: Jan. 04, 2015
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2014-9277
The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing <cross-domain...
- Affected Products: mediawiki
- Published: Jan. 04, 2015
- Modified: Apr. 12, 2025
- 5.1 MEDIUM CVE-2014-9276
Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote attackers to hijack the authen...
- Affected Products: mediawiki
- Published: Jan. 04, 2015
- Modified: Apr. 12, 2025
- 5.0 MEDIUM CVE-2013-2131
Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function.
- Affected Products: rrdtool
- Published: Jan. 04, 2015
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2014-9464
SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable.
- Published: Jan. 03, 2015
- Modified: Apr. 12, 2025
- 6.8 MEDIUM CVE-2010-5320
Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a configuration action to admin.php, (2) modify articles via a...
- Affected Products: memht_portal
- Published: Jan. 03, 2015
- Modified: Apr. 12, 2025